[NTOS:MM] Implement MmProbeAndLockProcessPages (#7221)

Implement undocumented MmProbeAndLockProcessPages routine. Based on mm-implement-mappingaddress.patch by Thomas Faber from CORE-10147, with some improvements from me. It's badly required by FltMgr.sys driver from Windows XP/Server 2003 and closely used by a lot of apps those are depending on this driver (e. g., Avast Free Antivirus several versions, Avira Antivir Personal 8.2 etc. etc.). Fixes several asserts from MDL support routines when the 3rd-party minifilter drivers are loading FltMgr. CORE-14157
2024-09-21 18:17:19 +00:00 · 2024-08-08 21:02:35 +02:00 · 2024-08-08 21:02:35 +02:00 · 5d96ba9217
parent 724b20d414
commit 5d96ba9217
1 changed files with 48 additions and 8 deletions
--- a/ntoskrnl/mm/ARM3/mdlsup.c
+++ b/ntoskrnl/mm/ARM3/mdlsup.c
@ -1671,19 +1671,59 @@ MmProtectMdlSystemAddress(IN PMDL MemoryDescriptorList,
    return STATUS_NOT_IMPLEMENTED;
 }

-/*
- * @unimplemented
+/**
+ * @brief
+ * Probes and locks virtual pages in memory for the specified process.
+ *
+ * @param[in,out] MemoryDescriptorList
+ * Memory Descriptor List (MDL) containing the buffer to be probed and locked.
+ *
+ * @param[in] Process
+ * The process for which the buffer should be probed and locked.
+ *
+ * @param[in] AccessMode
+ * Access mode for probing the pages. Can be KernelMode or UserMode.
+ *
+ * @param[in] LockOperation
+ * The type of the probing and locking operation. Can be IoReadAccess, IoWriteAccess or IoModifyAccess.
+ *
+ * @return
+ * Nothing.
+ *
+ * @see MmProbeAndLockPages
+ *
+ * @remarks Must be called at IRQL <= APC_LEVEL
 */
+_IRQL_requires_max_(APC_LEVEL)
 VOID
 NTAPI
-MmProbeAndLockProcessPages(IN OUT PMDL MemoryDescriptorList,
-                           IN PEPROCESS Process,
-                           IN KPROCESSOR_MODE AccessMode,
-                           IN LOCK_OPERATION Operation)
+MmProbeAndLockProcessPages(
+    _Inout_ PMDL MemoryDescriptorList,
+    _In_ PEPROCESS Process,
+    _In_ KPROCESSOR_MODE AccessMode,
+    _In_ LOCK_OPERATION Operation)
 {
-    UNIMPLEMENTED;
-}
+    KAPC_STATE ApcState;
+    BOOLEAN IsAttached = FALSE;

+    if (Process != PsGetCurrentProcess())
+    {
+        KeStackAttachProcess(&Process->Pcb, &ApcState);
+        IsAttached = TRUE;
+    }
+
+    /* Protect in try/finally to ensure we detach even if MmProbeAndLockPages() throws an exception */
+    _SEH2_TRY
+    {
+        MmProbeAndLockPages(MemoryDescriptorList, AccessMode, Operation);
+    }
+    _SEH2_FINALLY
+    {
+        if (IsAttached)
+            KeUnstackDetachProcess(&ApcState);
+    }
+    _SEH2_END;
+}

 /*
 * @unimplemented